/**
 * Adds to {@code result} the revocation data of every certificate in the given chain.
 *
 * <p>Identifiers that do not resolve to a used certificate, and certificates without
 * revocation data, are skipped silently.
 *
 * @param result              accumulator that receives the revocation entries
 * @param certificateChainIds identifiers of the certificates forming the chain
 */
private void extractRevocationDataFromCertificateChain(Set<RevocationWrapper> result, List<String> certificateChainIds) {
    for (String chainCertificateId : certificateChainIds) {
        CertificateWrapper chainCertificate = diagnosticData.getUsedCertificateById(chainCertificateId);
        if (chainCertificate == null) {
            // Identifier unknown to the diagnostic data: nothing to collect.
            continue;
        }
        Set<RevocationWrapper> chainRevocations = chainCertificate.getRevocationData();
        if (chainRevocations == null) {
            continue;
        }
        result.addAll(chainRevocations);
    }
}
/**
 * Gathers the revocation data attached to every used certificate.
 *
 * @return a newly created set holding all revocation entries; empty when there are no
 *         used certificates or none of them carries revocation data
 */
public Set<RevocationWrapper> getAllRevocationData() {
    Set<RevocationWrapper> collected = new HashSet<>();
    List<CertificateWrapper> usedCertificates = getUsedCertificates();
    if (!Utils.isCollectionNotEmpty(usedCertificates)) {
        return collected;
    }
    for (CertificateWrapper usedCertificate : usedCertificates) {
        Set<RevocationWrapper> perCertificate = usedCertificate.getRevocationData();
        if (perCertificate == null) {
            // A certificate without revocation data contributes nothing.
            continue;
        }
        collected.addAll(perCertificate);
    }
    return collected;
}
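/**
 * Returns the revocation entry with the most recent production date.
 *
 * <p>Null entries are ignored. An entry without a production date is kept only as long as
 * no dated entry has been seen, so an undated entry that happens to be iterated first can
 * no longer mask a more recent, dated one. Previously the result depended on the iteration
 * order of the underlying collection.
 *
 * @return the most recently produced revocation entry, or {@code null} when there is none
 */
public RevocationWrapper getLatestRevocationData() {
    RevocationWrapper latest = null;
    for (RevocationWrapper revoc : getRevocationData()) {
        if (revoc == null) {
            continue;
        }
        if (latest == null) {
            latest = revoc;
            continue;
        }
        if (revoc.getProductionDate() == null) {
            // An undated candidate never displaces the entry already selected.
            continue;
        }
        // Replace an undated selection as soon as a dated entry shows up, otherwise keep
        // whichever entry was produced later.
        if (latest.getProductionDate() == null
                || revoc.getProductionDate().after(latest.getProductionDate())) {
            latest = revoc;
        }
    }
    return latest;
}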
/**
 * Reports whether at least one revocation entry of the certificate is flagged by the
 * freshness check against the given timestamp.
 *
 * <p>For entries whose source equals {@code CRL_REVOCATION_SOURCE}, the entry is flagged
 * unless the timestamp production time is after {@code thisUpdate} and before
 * {@code nextUpdate}. Every other entry is flagged when {@code isInRangeMillis} returns
 * {@code true} for its production date, the timestamp production time and
 * {@code REVOCATION_FRESHNESS_DAY_DIFFERENCE}.
 *
 * @param certificateWrapper certificate whose revocation data is inspected
 * @param timeStampWrapper   timestamp supplying the reference time
 * @return {@code true} when any revocation entry is flagged
 */
private boolean isRevocationFreshnessCheckInvalid(CertificateWrapper certificateWrapper, TimestampWrapper timeStampWrapper) {
    // NOTE(review): a CRL entry lacking thisUpdate or nextUpdate would presumably raise a
    // NullPointerException in after()/before() instead of being reported as not fresh;
    // confirm these values are always populated upstream.
    return certificateWrapper.getRevocationData().stream().anyMatch(revocation ->
            CRL_REVOCATION_SOURCE.equals(revocation.getSource())
                    ? (!timeStampWrapper.getProductionTime().after(revocation.getThisUpdate())
                            || !timeStampWrapper.getProductionTime().before(revocation.getNextUpdate()))
                    : isInRangeMillis(revocation.getProductionDate(), timeStampWrapper.getProductionTime(),
                            REVOCATION_FRESHNESS_DAY_DIFFERENCE));
}
/**
 * Checks the certHash extension of the certificate's revocation data.
 *
 * <p>Entries that carry no certHash extension are accepted; only an extension that is
 * present and does not match fails the check.
 *
 * @return {@code false} as soon as one revocation entry has a certHash extension that does
 *         not match, {@code true} otherwise (including when there is no revocation data)
 */
@Override
protected boolean process() {
    Set<RevocationWrapper> certificateRevocations = certificate.getRevocationData();
    if (!Utils.isCollectionNotEmpty(certificateRevocations)) {
        return true;
    }
    for (RevocationWrapper entry : certificateRevocations) {
        /*
         * An OCSP response may include the certHash extension. When it does, a matching
         * digest shows that the responder knows the certificate exactly as we hold it,
         * and therefore its revocation state; a mismatch means it does not.
         */
        boolean certHashMismatch = entry.isCertHashExtensionPresent() && !entry.isCertHashExtensionMatch();
        if (certHashMismatch) {
            return false;
        }
    }
    return true;
}
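/**
 * Looks up the revocation date carried by the latest revocation data of the signature's
 * signing certificate.
 *
 * <p>A {@code null} result covers several situations (unknown signing certificate, no
 * revocation data, no latest entry, or an entry without a revocation date), so on its own
 * it should not be read as proof that the certificate is not revoked.
 *
 * @param currentSignature signature whose signing certificate is examined
 * @return the revocation date, or {@code null} when none can be determined
 */
private Date getRevocationDateForSigningCertificate(SignatureWrapper currentSignature) {
    CertificateWrapper signingCertificate = diagnosticData.getUsedCertificateById(currentSignature.getSigningCertificateId());
    if (signingCertificate == null || signingCertificate.getRevocationData() == null) {
        return null;
    }
    // A non-null but empty revocation collection presumably yields no "latest" entry;
    // guard against it rather than dereferencing null.
    if (signingCertificate.getLatestRevocationData() == null) {
        return null;
    }
    return signingCertificate.getLatestRevocationData().getRevocationDate();
}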
/**
 * Compares the revocation data of each signing certificate with the first timestamp of the
 * signature it signed and records freshness findings in the simple report.
 *
 * <p>For every (certificate, signature) pair where the certificate is the signature's
 * signing certificate and the signature has at least one timestamp:
 * <ul>
 *   <li>when {@code isRevocationFreshnessCheckInvalid} flags the pair,
 *       {@code REVOCATION_FRESHNESS_FAULT} is added to the signature's errors;</li>
 *   <li>otherwise, when a non-CRL revocation entry makes {@code isInRangeMillis} return
 *       {@code true} with {@code REVOCATION_FRESHNESS_FIFTEEN_MINUTES_DIFFERENCE}, the same
 *       message is added to the signature's warnings.</li>
 * </ul>
 *
 * @param reports validation reports to read diagnostic data from and to annotate
 */
void validateRevocationFreshness(eu.europa.esig.dss.validation.reports.Reports reports) {
    DiagnosticData diagnosticData = reports.getDiagnosticData();
    if (diagnosticData.getUsedCertificates() == null || diagnosticData.getSigningCertificateId() == null) {
        return;
    }
    for (CertificateWrapper certificateWrapper : diagnosticData.getUsedCertificates()) {
        for (SignatureWrapper signatureWrapper : diagnosticData.getSignatures()) {
            if (!certificateWrapper.getId().equals(signatureWrapper.getSigningCertificateId())
                    || signatureWrapper.getTimestampList().isEmpty()) {
                continue;
            }
            TimestampWrapper firstTimestamp = getFirstTimestamp(signatureWrapper.getTimestampList());
            // NOTE(review): this return ends the whole validation, so every remaining
            // signature and certificate is left without a freshness check once one
            // timestamp lacks a production time. Confirm that this is intended and that
            // skipping only the current pair was not meant.
            if (firstTimestamp.getProductionTime() == null) {
                return;
            }
            if (isRevocationFreshnessCheckInvalid(certificateWrapper, firstTimestamp)) {
                reports.getSimpleReport().getErrors(signatureWrapper.getId()).add(REVOCATION_FRESHNESS_FAULT);
                continue;
            }
            boolean warningRaised = certificateWrapper.getRevocationData().stream().anyMatch(
                    revocation -> !CRL_REVOCATION_SOURCE.equals(revocation.getSource())
                            && isInRangeMillis(revocation.getProductionDate(), firstTimestamp.getProductionTime(),
                                    REVOCATION_FRESHNESS_FIFTEEN_MINUTES_DIFFERENCE));
            if (warningRaised) {
                reports.getSimpleReport().getWarnings(signatureWrapper.getId()).add(REVOCATION_FRESHNESS_FAULT);
            }
        }
    }
}
/**
 * Registers, through {@code addPOE}, an entry at {@code currentTime} for every signature,
 * timestamp and used certificate in the diagnostic data, and for each revocation entry
 * whose origin is {@code RevocationOrigin.SIGNATURE}.
 *
 * <p>Revocation entries with any other origin receive no entry here.
 *
 * @param diagnosticData diagnostic data listing the tokens to register
 * @param currentTime    time recorded for every registered token
 */
public void init(DiagnosticData diagnosticData, Date currentTime) {
    for (SignatureWrapper signature : diagnosticData.getAllSignatures()) {
        addPOE(signature.getId(), currentTime);
    }

    for (TimestampWrapper timestamp : diagnosticData.getAllTimestamps()) {
        addPOE(timestamp.getId(), currentTime);
    }

    for (CertificateWrapper usedCertificate : diagnosticData.getUsedCertificates()) {
        addPOE(usedCertificate.getId(), currentTime);

        Set<RevocationWrapper> certificateRevocations = usedCertificate.getRevocationData();
        if (!Utils.isCollectionNotEmpty(certificateRevocations)) {
            continue;
        }
        for (RevocationWrapper entry : certificateRevocations) {
            // Only revocation data whose origin is SIGNATURE is registered.
            boolean fromSignature = RevocationOrigin.SIGNATURE.name().equals(entry.getOrigin());
            if (fromSignature) {
                addPOE(entry.getId(), currentTime);
            }
        }
    }
}
/**
 * Finds the identifier of the first revocation entry that lists a digest with the same
 * digest method and digest value as {@code digestAlgoValue}.
 *
 * @param digestAlgoValue digest method and value to look for
 * @param diagnosticData  diagnostic data whose used certificates are searched
 * @return the identifier of the matching revocation entry, or {@code null} when no entry
 *         matches
 */
private String getRevocationIdByDigest(XmlDigestAlgoAndValue digestAlgoValue, DiagnosticData diagnosticData) {
    List<CertificateWrapper> usedCertificates = diagnosticData.getUsedCertificates();
    if (!Utils.isCollectionNotEmpty(usedCertificates)) {
        return null;
    }
    for (CertificateWrapper usedCertificate : usedCertificates) {
        Set<RevocationWrapper> certificateRevocations = usedCertificate.getRevocationData();
        if (!Utils.isCollectionNotEmpty(certificateRevocations)) {
            continue;
        }
        for (RevocationWrapper candidate : certificateRevocations) {
            for (XmlDigestAlgoAndValue candidateDigest : candidate.getDigestAlgoAndValues()) {
                // Both the algorithm and the value have to agree for a match.
                boolean sameMethod = Utils.areStringsEqual(candidateDigest.getDigestMethod(),
                        digestAlgoValue.getDigestMethod());
                if (sameMethod && Utils.areStringsEqual(candidateDigest.getDigestValue(),
                        digestAlgoValue.getDigestValue())) {
                    return candidate.getId();
                }
            }
        }
    }
    return null;
}
Set<RevocationWrapper> revocations = certificate.getRevocationData(); for (RevocationWrapper revocation : revocations) { if ((latestCompliantRevocation == null || revocation.getProductionDate().after(latestCompliantRevocation.getProductionDate()))